Re: ..dude, spammers get sophisticated, uses Eudora. ;-) , was: SquirrelMail errors
On Fri, 30 May 2003 12:23:52 -0400, Splash wrote in message <[EMAIL PROTECTED]>: > At 03:46 PM 5/30/2004 +0200, you wrote: > >..dude, the spammer got sophisticated. ;-) > > Er.. actually that was me messing up and sending the message from my > real name account, not seeing it come through, so sending it again > using my subscribed account.. the Comcast bit is because I use > Comcast's SMTP servers to deliever my mail, since I'm not on > Dreamchaos's subnet from home. ;> > > Both posts do have a legitimate question though. =D > > -Splash/Aaron ..ah. Looks like we're both too trigger happy. ;-) -- ..med vennlig hilsen = with Kind Regards from Arnt... ;-) ...with a number of polar bear hunters in his ancestry... Scenarios always come in sets of three: best case, worst case, and just in case.
Re: ..dude, spammers get sophisticated, uses Eudora. ;-) , was: SquirrelMail errors
On Fri, 30 May 2003 12:23:52 -0400, Splash wrote in message <[EMAIL PROTECTED]>: > At 03:46 PM 5/30/2004 +0200, you wrote: > >..dude, the spammer got sophisticated. ;-) > > Er.. actually that was me messing up and sending the message from my > real name account, not seeing it come through, so sending it again > using my subscribed account.. the Comcast bit is because I use > Comcast's SMTP servers to deliever my mail, since I'm not on > Dreamchaos's subnet from home. ;> > > Both posts do have a legitimate question though. =D > > -Splash/Aaron ..ah. Looks like we're both too trigger happy. ;-) -- ..med vennlig hilsen = with Kind Regards from Arnt... ;-) ...with a number of polar bear hunters in his ancestry... Scenarios always come in sets of three: best case, worst case, and just in case. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: ..dude, spammers get sophisticated, uses Eudora. ;-) , was: SquirrelMail errors
At 03:46 PM 5/30/2004 +0200, you wrote: ..dude, the spammer got sophisticated. ;-) Er.. actually that was me messing up and sending the message from my real name account, not seeing it come through, so sending it again using my subscribed account.. the Comcast bit is because I use Comcast's SMTP servers to deliever my mail, since I'm not on Dreamchaos's subnet from home. ;> Both posts do have a legitimate question though. =D -Splash/Aaron
Re: ..dude, spammers get sophisticated, uses Eudora. ;-) , was: SquirrelMail errors
At 03:46 PM 5/30/2004 +0200, you wrote: ..dude, the spammer got sophisticated. ;-) Er.. actually that was me messing up and sending the message from my real name account, not seeing it come through, so sending it again using my subscribed account.. the Comcast bit is because I use Comcast's SMTP servers to deliever my mail, since I'm not on Dreamchaos's subnet from home. ;> Both posts do have a legitimate question though. =D -Splash/Aaron -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
..dude, spammers get sophisticated, uses Eudora. ;-) , was: SquirrelMail errors
On Sat, 29 May 2004 21:30:13 -0400, Aaron wrote in message <[EMAIL PROTECTED]>: > Hi there! > > I'm currently running Debian STABLE, using Postfix for the mail > system, and apache 1.3 for the webserver. I'm finding that users can > log in fine, though they can't seem to delete messages through the web > interface.. Pine works fine at deletion. The error given is: > > ERROR : Could not complete request. > Query:COPY 1:1 "INBOX.Trash" > Reason Given: [TRYCREATE] failed > > I'm unsure what other information is needed to properly diagnose this. > Any help would be greatly apreciated, though. Thanks! > > -Aaron, Dreamchaos.net Administrator > > ..dude, the spammer got sophisticated. ;-) diff -ruN0 Mail/debian/isp/2257 Mail/debian/isp/2258 --- Mail/debian/isp/22572004-05-30 03:57:47.0 +0200 +++ Mail/debian/isp/22582004-05-30 03:57:48.0 +0200 @@ -5 +5 @@ -Received: from mailfe01.swip.net ([130.244.240.101]) by fep19-svc.swip.net+Received: from mailfe08.swip.net ([130.244.240.108]) by fep11-svc.swip.net@@ -7,2 +7,2 @@ - id <[EMAIL PROTECTED]>- for <[EMAIL PROTECTED]>; Sun, 30 May 2004 03:46:11 +0200+ id <[EMAIL PROTECTED]>+ for <[EMAIL PROTECTED]>; Sun, 30 May 2004 03:48:01 +0200@@ -10,2 +10,2 @@ - by mailfe01.swip.net (CommuniGate Pro SMTP 4.2b4a) - with ESMTP id 47000427 for [EMAIL PROTECTED]; Sun, 30 May 2004 03:46:04 +0200+ by mailfe08.swip.net (CommuniGate Pro SMTP 4.2b4a) + with ESMTP id 49386394 for [EMAIL PROTECTED]; Sun, 30 May 2004 03:47:44 +0200@@ -14,2 +14,2 @@ - id 34428EEAA; Sat, 29 May 2004 20:44:51 -0500 (CDT) -Old-Return-Path: <[EMAIL PROTECTED]> + id 2FCCFEDA7; Sat, 29 May 2004 20:47:27 -0500 (CDT) +Old-Return-Path: <[EMAIL PROTECTED]> @@ -17,3 +17,3 @@ -Received: from sccrmhc11.comcast.net (sccrmhc11.comcast.net [204.127.202.55])- by murphy.debian.org (Postfix) with ESMTP id 139AEEE29- for ; Sat, 29 May 2004 20:43:13 -0500 (CDT)+Received: from sccrmhc12.comcast.net (sccrmhc12.comcast.net [204.127.202.56])+ by murphy.debian.org (Postfix) with ESMTP id 328B1E957+ for ; Sat, 29 May 2004 20:30:11 -0500 (CDT)@@ -21,4 +21,4 @@- by comcast.net (sccrmhc11) with SMTP - id <20040530014316011009h0lhe>; Sun, 30 May 2004 01:43:16 +-Message-Id: <[EMAIL PROTECTED]>-X-Sender: [EMAIL PROTECTED] by comcast.net (sccrmhc12) with SMTP+ id <20040530013014012007dadee>; Sun, 30 May 2004 01:30:14 ++Message-Id: <[EMAIL PROTECTED]>+X-Sender: [EMAIL PROTECTED] (Unverified)@@ -26 +26 @@ -Date: Sat, 29 May 2004 21:43:08 -0400 +Date: Sat, 29 May 2004 21:30:13 -0400 @@ -28 +28 @@ -From: Splash Tekalal <[EMAIL PROTECTED]> +From: Aaron Goulding <[EMAIL PROTECTED]> @@ -33,0 +34,2 @@ +X-Rc-Virus: 2004-05-26_04 +X-Rc-Spam: 2004-05-26_01 @@ -36 +38 @@ -X-Spam-Status: No, hits=-1.0 required=4.0 tests=LDOSUBSCRIBER autolearn=no+X-Spam-Status: No, hits=0.0 required=4.0 tests=none autolearn=no@@ -39 +41 @@ -Resent-Message-ID: <[EMAIL PROTECTED]> +Resent-Message-ID: <[EMAIL PROTECTED]> @@ -41 +43 @@ -X-Mailing-List: archive/latest/17094 +X-Mailing-List: archive/latest/17095 @@ -51 +53 @@ -Resent-Date: Sat, 29 May 2004 20:44:51 -0500 (CDT) +Resent-Date: Sat, 29 May 2004 20:47:27 -0500 (CDT) @@ -67 +69 @@ --Splash, Dreamchaos.net Administrator +-Aaron, Dreamchaos.net Administrator ..tail -n 67 Mail/debian/isp/2258 Received: from murphy.debian.org ([146.82.138.6] verified) by mailfe08.swip.net (CommuniGate Pro SMTP 4.2b4a) with ESMTP id 49386394 for [EMAIL PROTECTED]; Sun, 30 May 2004 03:47:44 +0200 Received: from localhost (localhost [127.0.0.1]) by murphy.debian.org (Postfix) with QMQP id 2FCCFEDA7; Sat, 29 May 2004 20:47:27 -0500 (CDT) Old-Return-Path: <[EMAIL PROTECTED]> X-Original-To: debian-isp@lists.debian.org Received: from sccrmhc12.comcast.net (sccrmhc12.comcast.net [204.127.202.56]) by murphy.debian.org (Postfix) with ESMTP id 328B1E957 for ; Sat, 29 May 2004 20:30:11 -0500 (CDT) Received: from sweety.dreamchaos.net (pcp04909393pcs.benslm01.pa.comcast.net[68.85.166.189]) by comcast.net (sccrmhc12) with SMTP id <20040530013014012007dadee>; Sun, 30 May 2004 01:30:14 + Message-Id: <[EMAIL PROTECTED]> X-Sender:[EMAIL PROTECTED] (Unverified) X-Mailer: QUALCOMM Windows Eudora Version 5.1 Date: Sat, 29 May 2004 21:30:13 -0400 To: debian-isp@lists.debian.org From: Aaron Goulding <[EMAIL PROTECTED]> Subject: SquirrelMail errors Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed X-Rc-Virus: 2004-05-26_04 X-Rc-Spam: 2004-05-26_01 X-Rc-Virus: 2004-05-26_04 X-Rc-Spam: 2004-05-26_01 X-Spam-Checker-Version: SpamAssassin 2.63-lists.debian.org_2004_05_27_01 (2004-01-11) on murphy.debian.org X-Spam-Status: No, hits=0.0 required=4.0 tests=none autolearn=no version=2.63-lists.debian.org_2004_05_27_01 X-
Re: reject non-enlish email body messages
On Sun, May 30, 2004 at 07:55:01AM -0400, Chris Wagner wrote: > At 04:56 PM 5/29/04 +1000, [EMAIL PROTECTED] wrote: > > There's plans to do so. We've been stopped from doing this as > >we'd need a different configuration file on spamassassin for every > >list, and that represents a lot of duplicated work. > > I don't think looking at a language header will do any good. Not all > mailers put in a language code and even if it says "en-us" that doesn't mean > the body will be English. And there will be cases where people with > non-English tags will be in fact posting in English. And I would greatly > question trying to determine the language by "interpreting" the message text. > Checkout spam-assassin language tags[1]. I was pleasantly surprised to see how well they were working. We're running it now, with english as the only ok language to see how it behaves, and it seems to be going quite well. It's not stopping anything however, due to the really really low score we gave it for testing purposes. Cheers, Pasc [1]: http://www.spamassassin.org/doc/Mail_SpamAssassin_Conf.html#language%20options
Re: reject non-enlish email body messages
At 04:56 PM 5/29/04 +1000, [EMAIL PROTECTED] wrote: > There's plans to do so. We've been stopped from doing this as >we'd need a different configuration file on spamassassin for every >list, and that represents a lot of duplicated work. I don't think looking at a language header will do any good. Not all mailers put in a language code and even if it says "en-us" that doesn't mean the body will be English. And there will be cases where people with non-English tags will be in fact posting in English. And I would greatly question trying to determine the language by "interpreting" the message text. -- REMEMBER THE WORLD TRADE CENTER ---=< WTC 911 >=-- "...ne cede males" 0100
..dude, spammers get sophisticated, uses Eudora. ;-) , was: SquirrelMail errors
On Sat, 29 May 2004 21:30:13 -0400, Aaron wrote in message <[EMAIL PROTECTED]>: > Hi there! > > I'm currently running Debian STABLE, using Postfix for the mail > system, and apache 1.3 for the webserver. I'm finding that users can > log in fine, though they can't seem to delete messages through the web > interface.. Pine works fine at deletion. The error given is: > > ERROR : Could not complete request. > Query:COPY 1:1 "INBOX.Trash" > Reason Given: [TRYCREATE] failed > > I'm unsure what other information is needed to properly diagnose this. > Any help would be greatly apreciated, though. Thanks! > > -Aaron, Dreamchaos.net Administrator > > ..dude, the spammer got sophisticated. ;-) diff -ruN0 Mail/debian/isp/2257 Mail/debian/isp/2258 --- Mail/debian/isp/22572004-05-30 03:57:47.0 +0200 +++ Mail/debian/isp/22582004-05-30 03:57:48.0 +0200 @@ -5 +5 @@ -Received: from mailfe01.swip.net ([130.244.240.101]) by fep19-svc.swip.net+Received: from mailfe08.swip.net ([130.244.240.108]) by fep11-svc.swip.net@@ -7,2 +7,2 @@ - id <[EMAIL PROTECTED]>- for <[EMAIL PROTECTED]>; Sun, 30 May 2004 03:46:11 +0200+ id <[EMAIL PROTECTED]>+ for <[EMAIL PROTECTED]>; Sun, 30 May 2004 03:48:01 +0200@@ -10,2 +10,2 @@ - by mailfe01.swip.net (CommuniGate Pro SMTP 4.2b4a) - with ESMTP id 47000427 for [EMAIL PROTECTED]; Sun, 30 May 2004 03:46:04 +0200+ by mailfe08.swip.net (CommuniGate Pro SMTP 4.2b4a) + with ESMTP id 49386394 for [EMAIL PROTECTED]; Sun, 30 May 2004 03:47:44 +0200@@ -14,2 +14,2 @@ - id 34428EEAA; Sat, 29 May 2004 20:44:51 -0500 (CDT) -Old-Return-Path: <[EMAIL PROTECTED]> + id 2FCCFEDA7; Sat, 29 May 2004 20:47:27 -0500 (CDT) +Old-Return-Path: <[EMAIL PROTECTED]> @@ -17,3 +17,3 @@ -Received: from sccrmhc11.comcast.net (sccrmhc11.comcast.net [204.127.202.55])- by murphy.debian.org (Postfix) with ESMTP id 139AEEE29- for <[EMAIL PROTECTED]>; Sat, 29 May 2004 20:43:13 -0500 (CDT)+Received: from sccrmhc12.comcast.net (sccrmhc12.comcast.net [204.127.202.56])+ by murphy.debian.org (Postfix) with ESMTP id 328B1E957+ for <[EMAIL PROTECTED]>; Sat, 29 May 2004 20:30:11 -0500 (CDT)@@ -21,4 +21,4 @@- by comcast.net (sccrmhc11) with SMTP - id <20040530014316011009h0lhe>; Sun, 30 May 2004 01:43:16 +-Message-Id: <[EMAIL PROTECTED]>-X-Sender: [EMAIL PROTECTED] by comcast.net (sccrmhc12) with SMTP+ id <20040530013014012007dadee>; Sun, 30 May 2004 01:30:14 ++Message-Id: <[EMAIL PROTECTED]>+X-Sender: [EMAIL PROTECTED] (Unverified)@@ -26 +26 @@ -Date: Sat, 29 May 2004 21:43:08 -0400 +Date: Sat, 29 May 2004 21:30:13 -0400 @@ -28 +28 @@ -From: Splash Tekalal <[EMAIL PROTECTED]> +From: Aaron Goulding <[EMAIL PROTECTED]> @@ -33,0 +34,2 @@ +X-Rc-Virus: 2004-05-26_04 +X-Rc-Spam: 2004-05-26_01 @@ -36 +38 @@ -X-Spam-Status: No, hits=-1.0 required=4.0 tests=LDOSUBSCRIBER autolearn=no+X-Spam-Status: No, hits=0.0 required=4.0 tests=none autolearn=no@@ -39 +41 @@ -Resent-Message-ID: <[EMAIL PROTECTED]> +Resent-Message-ID: <[EMAIL PROTECTED]> @@ -41 +43 @@ -X-Mailing-List: <[EMAIL PROTECTED]> archive/latest/17094 +X-Mailing-List: <[EMAIL PROTECTED]> archive/latest/17095 @@ -51 +53 @@ -Resent-Date: Sat, 29 May 2004 20:44:51 -0500 (CDT) +Resent-Date: Sat, 29 May 2004 20:47:27 -0500 (CDT) @@ -67 +69 @@ --Splash, Dreamchaos.net Administrator +-Aaron, Dreamchaos.net Administrator ..tail -n 67 Mail/debian/isp/2258 Received: from murphy.debian.org ([146.82.138.6] verified) by mailfe08.swip.net (CommuniGate Pro SMTP 4.2b4a) with ESMTP id 49386394 for [EMAIL PROTECTED]; Sun, 30 May 2004 03:47:44 +0200 Received: from localhost (localhost [127.0.0.1]) by murphy.debian.org (Postfix) with QMQP id 2FCCFEDA7; Sat, 29 May 2004 20:47:27 -0500 (CDT) Old-Return-Path: <[EMAIL PROTECTED]> X-Original-To: [EMAIL PROTECTED] Received: from sccrmhc12.comcast.net (sccrmhc12.comcast.net [204.127.202.56]) by murphy.debian.org (Postfix) with ESMTP id 328B1E957 for <[EMAIL PROTECTED]>; Sat, 29 May 2004 20:30:11 -0500 (CDT) Received: from sweety.dreamchaos.net (pcp04909393pcs.benslm01.pa.comcast.net[68.85.166.189]) by comcast.net (sccrmhc12) with SMTP id <20040530013014012007dadee>; Sun, 30 May 2004 01:30:14 + Message-Id: <[EMAIL PROTECTED]> X-Sender:[EMAIL PROTECTED] (Unverified) X-Mailer: QUALCOMM Windows Eudora Version 5.1 Date: Sat, 29 May 2004 21:30:13 -0400 To: [EMAIL PROTECTED] From: Aaron Goulding <[EMAIL PROTECTED]> Subject: SquirrelMail errors Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed X-Rc-Virus: 2004-05-26_04 X-Rc-Spam: 2004-05-26_01 X-Rc-Virus: 2004-05-26_04 X-Rc-Spam: 2004-05-26_01 X-Spam-Checker-Version: SpamAssassin 2.63-lists.debian.org_2004_05_27_01 (2004-01-11) on murphy.debian.org X-Spam-Status: No, hits=0.0 required=4.0 tes
Re: Postfix SMTP AUTH with TLS Problems
Hi Adam! I've spent night night postfix and sasl. I know now how to get it working, but it's a mess. I assume you un-chrooted postfix in /etc/postfix/master.cf. There you can say replace "smtp" in the last column with "smtp -vvv", then you will get incrdibly detailed log. You don't tell us what you want to authenticate: Do you want a sasl-DB? Do you want passwd/shadow? LDAP??? pam? I my case it was always passwd/shadow. If this is the case, these may help you: # cat /etc/postfix/sasl/smtpd.conf pwcheck_method: saslauthd mech_list: PLAIN LOGIN DIGEST-MD5 # cat /etc/default/saslauthd START=yes MECHANISMS=shadow Clear?? Of course you have to have those sasl-libs installed, check if /usr/lib/sasl2/* exists (postfix2 runs with sasl2) und check that you un-chrooted it!!! To check, which sasl options postfix offers in main.cf, type "postconf |grep sasl". I think these are the most important ones: smtpd_sasl_auth_enable = yes smtpd_sasl_local_domain = smtpd_sasl_security_options = noanonymous smtpd_recipient_restrictions = permit_mynetworks permit_sasl_authenticated Since Postfix 2.? you can leave "smtpd_sasl_local_domain =" empty. This is imporant then postfix asks saslauthd to authenticate user blabla, because postfix would append the sasl local domain lile [EMAIL PROTECTED] saslauthd will most likely not know the latter one: You passwd/shadow only knows "blabla", but you could create a sasl-DB with the user "[EMAIL PROTECTED]". I took me some time to get behind this. I hope I remeber it correctly :-) BTW: TLS is not your Problem yet! After SASL works, you may switch you customers "Outlook" to "Use Authentication but no encrpytion" (Check screenshots here: http://www.net-lab.net/e-trolley/page_198/index.html - only in German but should be clear by position of the buttoons ;)) Then you should take care about TLS and Creating your certs (Write a Mini-Howto on that?) HTH rgds, Andreas Adam Dawes wrote: I know this has come up a few times before, but I'm pulling my hair out trying to get my Postfix-tls installation working to do SMTP auth. I have followed the very helpful howto below to the letter. http://lists.q-linux.com/pipermail/plug/2003-July/029503.html When I restart my postfix and telnet to localhost 25, my postfix chokes. Here's what I see in my mail.log: May 29 14:12:16 sawdois postfix/smtpd[9906]: starting TLS engine May 29 14:12:16 sawdois postfix/smtpd[9906]: fatal: no SASL authentication mechanisms May 29 14:12:17 sawdois postfix/master[9898]: warning: process /usr/lib/postfix/smtpd pid 9906 exit status 1 May 29 14:12:17 sawdois postfix/master[9898]: warning: /usr/lib/postfix/smtpd: bad command startup -- throttling Here's background on my installation: Debian Woody unstable Postfix 2.0.16-4 Postfix-tls 2.0.16-4 sasl2-bin 2.1.15-6 The above HOWTO is supposed to work with Postfix still running chroot. I've tried to unchroot Postfix to see if that would work but to no success. One thought is that the Postfix packages don't seem to support PAM. But if this is I haven't found anyone on the net with a similar problem and I would assume it would have come up already if this were the key snafu. Here are the links that I have: sawdois:/# ldd /usr/lib/postfix/smtpd libpostfix-master.so.1 => /usr/lib/libpostfix-master.so.1 (0x40021000) libpostfix-global.so.1 => /usr/lib/libpostfix-global.so.1 (0x40027000) libpostfix-dns.so.1 => /usr/lib/libpostfix-dns.so.1 (0x40045000) libpostfix-util.so.1 => /usr/lib/libpostfix-util.so.1 (0x4004a000) libssl.so.0.9.7 => /usr/lib/i686/cmov/libssl.so.0.9.7 (0x40068000) libcrypto.so.0.9.7 => /usr/lib/i686/cmov/libcrypto.so.0.9.7 (0x40099000) libsasl2.so.2 => /usr/lib/libsasl2.so.2 (0x40196000) libdb-4.1.so => /usr/lib/libdb-4.1.so (0x401aa000) libnsl.so.1 => /lib/libnsl.so.1 (0x4026b000) libresolv.so.2 => /lib/libresolv.so.2 (0x40281000) libgdbm_compat.so.3 => /usr/lib/libgdbm_compat.so.3 (0x40293000) libc.so.6 => /lib/libc.so.6 (0x40296000) libdl.so.2 => /lib/libdl.so.2 (0x403c9000) libgdbm.so.3 => /usr/lib/libgdbm.so.3 (0x403cc000) /lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x4000) Any ideas about where I should go from here? thanks, Adam -- Andreas John net-lab GmbH Luisenstrasse 30b 63067 Offenbach Tel: +49 69 85700331 http://www.net-lab.net
Re: reject non-enlish email body messages
On Sun, May 30, 2004 at 07:55:01AM -0400, Chris Wagner wrote: > At 04:56 PM 5/29/04 +1000, [EMAIL PROTECTED] wrote: > > There's plans to do so. We've been stopped from doing this as > >we'd need a different configuration file on spamassassin for every > >list, and that represents a lot of duplicated work. > > I don't think looking at a language header will do any good. Not all > mailers put in a language code and even if it says "en-us" that doesn't mean > the body will be English. And there will be cases where people with > non-English tags will be in fact posting in English. And I would greatly > question trying to determine the language by "interpreting" the message text. > Checkout spam-assassin language tags[1]. I was pleasantly surprised to see how well they were working. We're running it now, with english as the only ok language to see how it behaves, and it seems to be going quite well. It's not stopping anything however, due to the really really low score we gave it for testing purposes. Cheers, Pasc [1]: http://www.spamassassin.org/doc/Mail_SpamAssassin_Conf.html#language%20options -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: reject non-enlish email body messages
At 04:56 PM 5/29/04 +1000, [EMAIL PROTECTED] wrote: > There's plans to do so. We've been stopped from doing this as >we'd need a different configuration file on spamassassin for every >list, and that represents a lot of duplicated work. I don't think looking at a language header will do any good. Not all mailers put in a language code and even if it says "en-us" that doesn't mean the body will be English. And there will be cases where people with non-English tags will be in fact posting in English. And I would greatly question trying to determine the language by "interpreting" the message text. -- REMEMBER THE WORLD TRADE CENTER ---=< WTC 911 >=-- "...ne cede males" 0100 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Postfix SMTP AUTH with TLS Problems
Hi Adam! I've spent night night postfix and sasl. I know now how to get it working, but it's a mess. I assume you un-chrooted postfix in /etc/postfix/master.cf. There you can say replace "smtp" in the last column with "smtp -vvv", then you will get incrdibly detailed log. You don't tell us what you want to authenticate: Do you want a sasl-DB? Do you want passwd/shadow? LDAP??? pam? I my case it was always passwd/shadow. If this is the case, these may help you: # cat /etc/postfix/sasl/smtpd.conf pwcheck_method: saslauthd mech_list: PLAIN LOGIN DIGEST-MD5 # cat /etc/default/saslauthd START=yes MECHANISMS=shadow Clear?? Of course you have to have those sasl-libs installed, check if /usr/lib/sasl2/* exists (postfix2 runs with sasl2) und check that you un-chrooted it!!! To check, which sasl options postfix offers in main.cf, type "postconf |grep sasl". I think these are the most important ones: smtpd_sasl_auth_enable = yes smtpd_sasl_local_domain = smtpd_sasl_security_options = noanonymous smtpd_recipient_restrictions = permit_mynetworks permit_sasl_authenticated Since Postfix 2.? you can leave "smtpd_sasl_local_domain =" empty. This is imporant then postfix asks saslauthd to authenticate user blabla, because postfix would append the sasl local domain lile [EMAIL PROTECTED] saslauthd will most likely not know the latter one: You passwd/shadow only knows "blabla", but you could create a sasl-DB with the user "[EMAIL PROTECTED]". I took me some time to get behind this. I hope I remeber it correctly :-) BTW: TLS is not your Problem yet! After SASL works, you may switch you customers "Outlook" to "Use Authentication but no encrpytion" (Check screenshots here: http://www.net-lab.net/e-trolley/page_198/index.html - only in German but should be clear by position of the buttoons ;)) Then you should take care about TLS and Creating your certs (Write a Mini-Howto on that?) HTH rgds, Andreas Adam Dawes wrote: I know this has come up a few times before, but I'm pulling my hair out trying to get my Postfix-tls installation working to do SMTP auth. I have followed the very helpful howto below to the letter. http://lists.q-linux.com/pipermail/plug/2003-July/029503.html When I restart my postfix and telnet to localhost 25, my postfix chokes. Here's what I see in my mail.log: May 29 14:12:16 sawdois postfix/smtpd[9906]: starting TLS engine May 29 14:12:16 sawdois postfix/smtpd[9906]: fatal: no SASL authentication mechanisms May 29 14:12:17 sawdois postfix/master[9898]: warning: process /usr/lib/postfix/smtpd pid 9906 exit status 1 May 29 14:12:17 sawdois postfix/master[9898]: warning: /usr/lib/postfix/smtpd: bad command startup -- throttling Here's background on my installation: Debian Woody unstable Postfix 2.0.16-4 Postfix-tls 2.0.16-4 sasl2-bin 2.1.15-6 The above HOWTO is supposed to work with Postfix still running chroot. I've tried to unchroot Postfix to see if that would work but to no success. One thought is that the Postfix packages don't seem to support PAM. But if this is I haven't found anyone on the net with a similar problem and I would assume it would have come up already if this were the key snafu. Here are the links that I have: sawdois:/# ldd /usr/lib/postfix/smtpd libpostfix-master.so.1 => /usr/lib/libpostfix-master.so.1 (0x40021000) libpostfix-global.so.1 => /usr/lib/libpostfix-global.so.1 (0x40027000) libpostfix-dns.so.1 => /usr/lib/libpostfix-dns.so.1 (0x40045000) libpostfix-util.so.1 => /usr/lib/libpostfix-util.so.1 (0x4004a000) libssl.so.0.9.7 => /usr/lib/i686/cmov/libssl.so.0.9.7 (0x40068000) libcrypto.so.0.9.7 => /usr/lib/i686/cmov/libcrypto.so.0.9.7 (0x40099000) libsasl2.so.2 => /usr/lib/libsasl2.so.2 (0x40196000) libdb-4.1.so => /usr/lib/libdb-4.1.so (0x401aa000) libnsl.so.1 => /lib/libnsl.so.1 (0x4026b000) libresolv.so.2 => /lib/libresolv.so.2 (0x40281000) libgdbm_compat.so.3 => /usr/lib/libgdbm_compat.so.3 (0x40293000) libc.so.6 => /lib/libc.so.6 (0x40296000) libdl.so.2 => /lib/libdl.so.2 (0x403c9000) libgdbm.so.3 => /usr/lib/libgdbm.so.3 (0x403cc000) /lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x4000) Any ideas about where I should go from here? thanks, Adam -- Andreas John net-lab GmbH Luisenstrasse 30b 63067 Offenbach Tel: +49 69 85700331 http://www.net-lab.net -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
